I explained eBPF to my grandma!

Transcript

1. I explained eBPF to my grandma! 󰘭

2. Hello, Rejekts! I’m Matteo Bianchi aka @mbianchidev CNCF Ambassador, Kubernetes

   contributor, KCD organizer Metal singer whenever I’m not doing community stuff! 2

3. Let’s start with a couple of fun facts! 3

4. Once upon a time… 4

5. 1. What do I know about eBPF? I played (in

   production) with some of the most common eBPF powered tools: Falco, Cilium, KubeArmor and Calico

6. 2. Ok, but do you know eBPF? Yes, but you

   can bet… I will oversimplify for my grandma and for any grandparent out there too!

7. 3. What does your Grandma know?! She knows about Cloud

   Computing and Kubernetes too. See my previous talk @ Rejekts in Paris: I explained Kubernetes to my grandma!

8. 4. And you? How many of you know eBPF already?

9. WTF is eBPF? Let’s start from the kernel. The way

   user space processes can ask for and use hardware resources: the core of the OS. It’s like a kitchen! 9

10. Some of the Kernel job(s) Memory Keep track of memory

    usage (how much and for what) Processes Orchestrate the time slicing of the CPU for processes 10 Drivers & I/O Bridge pieces of hardware and programs running in the user space Syscalls Handle OS service requests from processes E.g. open , read , kill TLDR; Think of it like what a restaurant manager has to… manage!

11. What is a syscall? If the kitchen is our kernel,

    a syscall is a waiter: The way our customers (processes) send a request to the kitchen! 11 󰘭

12. WTF is eBPF (again)? A small sandbox (VM) that can

    run user space programs in the kernel space, without writing kernel modules. Extended from BPF, born in 1992. 12

13. In simple(r) words? Imagine you are preparing something at the

    same time of your nephews. You let them use a smaller section of the kitchen, away from the rest of the dishes being made. 13 󰘭

14. In tech words? 14

15. Why do we need eBPF? To dynamically and programmatically trace

    kernel or user space functions and events, safely and efficiently. 15

16. 16

17. In a nutshell… - Supervise our kitchen (kernel) operations -

    Monitor our chefs (processes) work - Ensure our guests receive the right dish... Possibly not poisoned (networking/security) 17 󰘭

18. eBPF - Under the hood 18

19. eBPF - Runtime 19

20. eBPF - Hooks 20

21. eBPF - Maps 21 🗺

22. eBPF - Helpers num = bpf_get_prandom_u32(); Miscellaneous and utils for

    eBPF programs? Yes please. 22

23. eBPF - (Tail) Function calls 23

24. Is it really useful for networking? 24

25. Is it really useful for security? 25

26. Isn’t there an alternative? Kernel modules The absolute best if

    you can afford the risk of kernel panic. Effective but not efficient! Sidecar Overhead? Ever heard of that? How many resources do you want to waste? Agents I always dreamt of installing dozens of agents and manage this shapeless swarm of micro-components. 26

27. Ok but with all of these bees… Where’s the honey?!

    - A flexible way to work at the kernel level (but way less complex) - A performant plug almost anywhere in the network stack - A small print in terms of resources 27 🍯

28. As my grandma would say… It’s like I could be

    anywhere, anytime, doing everything I need, to manage the kitchen-kernel! All of this while checking that… 28 󰘭

29. “ “You don’t get lost in a glass of water!”

    (Italian say, can’t translate it, sorry) 29

30. 30

31. Before you go… There’s another cool eBPF talk coming next,

    with a demo included! Integrating eBPF superpowers into your observability tooling By Mauricio Vasquez Bernal and Chris Kuehl 31

32. Thank you! I’m @mbianchidev On most social media (yes, including

    Bluesky) 32 ebpf.io